Analysis
max time kernel: 47s
max time network: 153s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 30-05-2024 13:10
Static task: static1
Behavioral task: behavioral1 | Sample: manager.apk | Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2 | Sample: manager.apk | Resource: android-x64-20240514-en
Behavioral task: behavioral3 | Sample: manager.apk | Resource: android-x64-arm64-20240514-en
General
Target: manager.apk
Size: 4.3MB
MD5: 02a2ff9e69d85de4dad105213f620382
SHA1: 690396a68222724daff6622715643cfa48ce5940
SHA256: c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9
SHA512: 041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23
SSDEEP: 98304:AAU5ofra3s1A/YOkmr8R9OobyFB9Uiwyt7JsXFI:qkCYS+Fbq9Ure6X+
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk | Process: com.vanced.manager
ioc: /system/xbin/su | Process: com.vanced.manager

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates if the system is an emulator.
description: File opened for read | ioc: /proc/meminfo | Process: com.vanced.manager

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.vanced.manager

Acquires the wake lock 1 IoCs
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.vanced.manager

Checks if the internet connection is available 1 TTPs 1 IoCs
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.vanced.manager

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: com.vanced.manager

Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD2007900011470446A96EE8278.temp
Filesize: 198B
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD2007900011470446A96EE8278.temp.tmp
Filesize: 16B
/data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/report-persistence/sessions/66587AD2007900011470446A96EE8278/report
Filesize: 764B